Forget Privacy, This Is the Biggest Potential Hazard When It Comes to Drones
Privacy concerns can be managed through laws; cybersecurity is a far more elusive hazard.
Drones are taking off as their own industry — literally. In the last year, the number of requests for commercial operation unmanned aerial vehicles (UAVs) has gone from around 100 to over 5,000. That’s a substantial increase from 2015, and it’s far away from flat lining.
With the highly anticipated release of the small commercial UAV regulations (Part 107), entrepreneurs, VC’s and thousands of techies are eagerly ready to jump onboard the bandwagon. New uses for UAVs are found almost daily, with industries ranging from A to Z — from Aquaculture to Zoological Research.
As the popularity and potential uses for drones grow exponentially, so too do the potential hazards. Of course, the most vocal fears of UAVs are usually from the privacy advocates, who fear the invasion of our rights to privacy by the use of drones. However, there is one risk that should be even more pressing — cybersecurity.
While privacy can be (somewhat) managed through laws and regulation, cybersecurity is, by its intangible nature, much more elusive. A kid in Taiwan could, theoretically, hack their way into a drone operating in Montana and control it to perform nefarious activities; and if that kid covers their tracks sufficiently, it will be very hard to prove anything (even if they were discovered, international law in such a case would likely move at a glacial pace).
So our primary focus should be on how we can safeguard against these types of attacks. However, to find the answer, we must first dig even further and figure out how this hack could be carried out in the first place.
There are several ways to accomplishing such a feat, and I usually like to break it down into two categories:
- Hardware Attack — This type of attack is performed at a very low level, such as getting malicious firmware into the processors. This could be a piece of code that is activated at a later date to perform certain functions, or could be activated continuously from the initial infection, as to monitor the activities the drone is performing without the human noticing.
- Wireless Attack — An attack from the “outside” — as in sensor spoofing or directly hacking into the UAV to take over control from a remote location.
From the impact standpoint, a hardware attack is much more widespread, especially if the code is installed by the chip vendor. As with many things, these chips are built in China — delivering “malicious” chips for drone use would open a major door for anyone trying to create widespread havoc. In comparison, wireless attacks would be much more “one-on-one,” since the “bad guys” might try to hack an individual drone to make it perform a specific action.
As we build these systems, it is critical for us to understand all the entry points that could be taken. Going back to the hardware attack scenario — this means having absolute quality control and trust with the vendors who deliver the drone components.
Looking for More? Here are the 2 Biggest Myths About Drones
The wireless attack is a bit trickier. A UAV has many entry points through which the processor could be attacked. Typically, the first thing people think about are the wireless datalinks to control it; in this instance, it means that simply creating a stronger signal than the base station could be enough to override it. Some basic encoding can create a much harder access in this case.
The navigation system is an easier target for this type of attack. Most drones depend on GPS for navigation, and newer models are also starting to see ADS-B being integrated. Both of those rely on outside signals, which the drone uses to compute its own location. Jamming (creating interference with the actual signal) or spoofing (imitating the actual signal) are two very effective means of getting a drone to do something without having to actually penetrate its own defenses (simply creating an illusion for the navigation suite).
This type of attack was supposedly demonstrated by Iran to get a U.S. RQ-170 UAV to land on one of their runways. While some attacks can be thwarted by employing encryption and firewalls, nav attacks are difficult to prevent because the drone relies on the signals mentioned above. Certain systems, such as Receiver Autonomous Integrity Monitoring (RAIM) does a good job at monitoring false GPS signals, but of course methods to counter it are already being explored. Navigation spoofing will be an interesting game by itself in the future.
In sports it’s said that you’re only as good as your weakest player; with drones, you are only as secure as your weakest system. As we develop these systems, it is important to be aware of all of their weaknesses, and build in strong security measures from the beginning. Unfortunately, this will always be a bit of a cat and mouse game; as new methods to protect a drone from an attack are developed, so is a method to circumnavigate this method. But with calculated foresight, we can force the cat to run a little harder if they ever have hopes of catching the mouse.
Bio: Andy Von Stauffenberg is the CEO Of VStar Systems.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!